27 commits

Author SHA1 Message Date
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible (#3517)
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
2022-07-28 15:38:38 -06:00
Caleb Doxsey
d9274f0d19
autocert: continue on error (#3476) 2022-07-12 14:05:27 -06:00
dependabot[bot]
8d8d82fa4d
chore(deps): bump github.com/caddyserver/certmagic from 0.15.4 to 0.16.0 (#3198)
* chore(deps): bump github.com/caddyserver/certmagic from 0.15.4 to 0.16.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.15.4 to 0.16.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.15.4...v0.16.0)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update dependency names

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2022-03-28 12:46:17 -06:00
Herman Slatman
7812c6985d
Add additional ACME options (#2695)
The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.

Fix ProtoBuf definition for additional autocert options

Fix PR comments and add ACME EAB configuration

Add configuration option for trusted CAs when talking ACME

Fix linter issues

copy edits

render updated reference to docs

Add test for autocert manager configuration

Add tests for autocert configuration options

Fix CI build issues

Don't set empty acme.EAB struct if configuration not set

Remove required email when setting custom CA

When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.

Update generated docs

Fix failing tests by recreation of a new ACMEManager

The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
2021-11-02 14:44:27 -07:00
Caleb Doxsey
4720199d59
autocert: remove log (#2584) 2021-09-10 06:23:32 -06:00
dependabot[bot]
5dd68f5ff0
chore(deps): bump github.com/caddyserver/certmagic from 0.13.1 to 0.14.0 (#2291)
* chore(deps): bump github.com/caddyserver/certmagic from 0.13.1 to 0.14.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.13.1 to 0.14.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.13.1...v0.14.0)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update Obtain and Renew cert to new signatures

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2021-06-14 11:48:05 -04:00
wasaga
b372ab4bcc
ocsp: reload on ocsp response changes (#2286) 2021-06-11 15:58:01 -04:00
dependabot[bot]
d365771e90
chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0 (#2074)
* chore(deps): bump github.com/caddyserver/certmagic from 0.12.0 to 0.13.0

Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.12.0 to 0.13.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.12.0...v0.13.0)

Signed-off-by: dependabot[bot] <support@github.com>

* autocert: fix for certmagic 0.12 -> 0.13

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-04-22 15:31:19 -06:00
Caleb Doxsey
b1d62bb541
config: remove validate side effects (#2109)
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
2021-04-22 15:10:50 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Caleb Doxsey
4cc697ace4
autocert: add metrics for renewal count, total and next expiration (#2019) 2021-03-25 08:03:04 -06:00
Caleb Doxsey
853d2dd478
config: use getters for certificates (#2001)
* config: use getters for certificates

* update log message
2021-03-23 08:02:50 -06:00
Caleb Doxsey
3690a32855
config: use getters for authenticate, signout and forward auth urls (#2000) 2021-03-19 14:49:25 -06:00
bobby
fcd8c3644f
options: header only applies to routes and authN (#1862)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2021-02-08 11:05:33 -08:00
Caleb Doxsey
84e8f6cc05
config: fix databroker policies (#1821) 2021-01-25 17:18:50 -07:00
Caleb Doxsey
c90eda5622
autocert: store certificates separately from config certificates (#1794) 2021-01-21 13:13:55 -07:00
Travis Groth
eadd8c2482
autocert: improve logging (#1767) 2021-01-12 10:33:33 -05:00
Caleb Doxsey
a6bc9f492f
authorize: move impersonation into session/service account (#1765)
* move impersonation into session/service account

* replace frontend statik

* fix data race

* move JWT filling to separate function, break up functions

* maybe fix data race

* fix code climate issue
2021-01-11 15:40:08 -07:00
Caleb Doxsey
ac19c5041f
autocert: support certificate renewal (#1516) 2020-10-14 08:24:41 -06:00
Caleb Doxsey
3b6c617784
redirect-server: add config headers to responses (#1416) 2020-09-17 13:01:45 -06:00
Caleb Doxsey
e4e6abfd29
certmagic: improve logging (#1358)
* certmagic: improve logging

* Update internal/autocert/manager.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2020-09-01 09:58:09 -06:00
Caleb Doxsey
79741d5345
autocert: fix locking issue (#1310) 2020-08-20 14:08:52 -06:00
bobby
8a384985f0
autocert: fix bootstrapped cache store path (#1283)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2020-08-17 13:27:11 -07:00
Cuong Manh Le
277e6b56e9
internal/autocert: refactoring updateAutocert
By factoring out the obtain and renew certification process, return a specific
error for each process if it failed to contact the letsencrypt server.
2020-08-10 23:26:35 +07:00
Cuong Manh Le
3c23164347
internal/autocert: re-use cert if renewing failed but cert not expired
Fixes #1232
2020-08-10 23:26:35 +07:00
Caleb Doxsey
b79e73b8b8
config: add support for policies stored in the databroker (#1099)
* wip

* always use databroker config source

* add test

* valid policy, remove debug lines
2020-07-17 10:35:29 -06:00
Caleb Doxsey
d3a7ee38be
options refactor (#1088)
* refactor config loading

* wip

* move autocert to its own config source

* refactor options updaters

* fix stuttering

* fix autocert validate check
2020-07-16 14:30:15 -06:00